Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/LT0rlY3iEarfz1z733mNJUvDB7w.roa
File:                     LT0rlY3iEarfz1z733mNJUvDB7w.roa (raw, json)
Hash identifier:          /gN9Kc2afQLI8mOyWZBRkTquS2mlpwSd/3hVAyVf/eM=
Subject key identifier:   2D:3D:2B:95:8D:E2:11:AA:DF:CF:5C:FB:DF:79:8D:25:4B:C3:07:BC
Certificate issuer:       /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial:       019D298E87F3434F40191CE65241D5403B70
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/LT0rlY3iEarfz1z733mNJUvDB7w.roa
Signing time:             Thu 26 Mar 2026 09:51:39 +0000
ROA not before:           Thu 26 Mar 2026 09:51:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213618
IP address blocks:        31.56.237.0/24 maxlen: 24
                          31.57.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:8e:87:f3:43:4f:40:19:1c:e6:52:41:d5:40:3b:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
        Validity
            Not Before: Mar 26 09:51:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d3d2b958de211aadfcf5cfbdf798d254bc307bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:68:8a:7f:a0:e1:3a:bb:22:c4:db:64:e5:42:
                    b4:c4:9c:fd:0a:8d:9d:6d:ac:cc:df:b8:b4:ea:8b:
                    e6:67:28:a3:ed:b5:94:db:cb:69:e8:4a:d8:6d:f0:
                    da:e5:5c:6d:34:af:c2:da:49:d0:b7:71:9d:23:27:
                    4f:64:57:12:0c:71:e7:40:17:5c:08:c2:d9:b2:1e:
                    ba:72:3d:86:4d:0c:b9:2f:8f:1f:53:7c:62:44:da:
                    67:35:81:c3:05:90:7f:e7:02:9a:3b:82:e7:7d:a1:
                    46:66:11:b4:00:77:ef:61:b2:7b:02:04:d8:94:e5:
                    d2:1e:4e:22:1a:5c:b6:72:ce:f3:03:d0:7b:c9:21:
                    aa:ba:0c:e7:10:38:59:db:3a:bc:2f:82:4a:7d:3e:
                    88:6c:eb:b1:6c:69:7c:96:ef:3c:cb:9b:65:cc:a1:
                    2d:18:45:91:d8:7b:ec:2b:78:71:c8:c0:ad:e9:db:
                    19:b5:27:c8:ca:a9:75:3e:89:31:2c:18:14:6f:09:
                    2c:f8:f4:73:20:29:5c:22:8c:79:ab:98:35:99:79:
                    75:ef:b3:3d:bb:26:d1:57:ea:dd:d6:e7:d2:f6:33:
                    77:e6:28:42:53:9d:f9:e8:47:ec:08:dd:ee:c5:87:
                    29:fe:71:f4:ba:46:30:26:ad:b6:1e:c8:99:93:43:
                    b5:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:3D:2B:95:8D:E2:11:AA:DF:CF:5C:FB:DF:79:8D:25:4B:C3:07:BC
            X509v3 Authority Key Identifier:
                keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/LT0rlY3iEarfz1z733mNJUvDB7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.56.237.0/24
                  31.57.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:68:3a:9c:22:f8:d2:d4:ae:e5:bf:48:4e:a8:92:0a:9d:d9:
         c0:41:ec:25:79:d4:ba:ee:97:e1:69:38:2b:67:bd:ba:63:fc:
         61:1a:76:cd:36:d9:bf:7e:19:b2:1e:7f:0c:7e:ff:b1:34:3b:
         8f:c7:23:6c:42:fb:40:12:42:80:2b:29:7a:40:13:e1:fa:47:
         6d:1c:fc:cf:39:29:a0:1d:f8:c7:c5:9f:62:e6:72:f1:48:15:
         5a:e9:ac:03:e9:90:8c:a2:4d:a5:63:f5:5a:4f:28:a7:13:65:
         d7:47:ff:5d:0f:bc:87:3e:90:8a:b4:01:b1:da:60:d4:32:72:
         e5:11:95:51:d1:ca:87:f2:74:4e:cd:c2:b9:79:a2:61:f5:99:
         34:a1:e5:9a:0a:bf:7a:b6:9e:44:93:26:98:6e:df:47:73:28:
         10:7d:39:15:71:8e:c8:d9:30:db:9b:ce:6e:7f:72:fc:a5:de:
         6e:70:7f:e6:ab:ac:e9:29:5f:79:2c:d3:3e:83:2d:05:c2:67:
         0f:87:7f:6a:d9:cc:53:4c:d0:06:04:da:c3:b6:0c:ac:83:97:
         e3:b6:da:d1:da:00:91:77:02:07:fa:06:a6:8c:6f:ec:a9:c3:
         cf:10:63:b2:e5:67:4f:8e:49:9b:bc:5d:3b:ef:fe:8b:19:3c:
         fd:ff:e9:20
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0pjofzQ09AGRzmUkHVQDtwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjYwMzI2MDk1MTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDNkMmI5NThkZTIxMWFhZGZjZjVjZmJkZjc5OGQyNTRiYzMwN2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGiKf6DhOrsixNtk5UK0xJz9Co2d
bazM37i06ovmZyij7bWU28tp6ErYbfDa5VxtNK/C2knQt3GdIydPZFcSDHHnQBdc
CMLZsh66cj2GTQy5L48fU3xiRNpnNYHDBZB/5wKaO4LnfaFGZhG0AHfvYbJ7AgTY
lOXSHk4iGly2cs7zA9B7ySGqugznEDhZ2zq8L4JKfT6IbOuxbGl8lu88y5tlzKEt
GEWR2HvsK3hxyMCt6dsZtSfIyql1PokxLBgUbwks+PRzIClcIox5q5g1mXl177M9
uybRV+rd1ufS9jN35ihCU5356EfsCN3uxYcp/nH0ukYwJq22HsiZk0O1CQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC09K5WN4hGq389c+995jSVLwwe8MB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvTFQwcmxZM2lFYXJmejF6NzMzbU5KVXZEQjd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHzjtAwQA
HzmMMA0GCSqGSIb3DQEBCwUAA4IBAQAraDqcIvjS1K7lv0hOqJIKndnAQewledS6
7pfhaTgrZ726Y/xhGnbNNtm/fhmyHn8Mfv+xNDuPxyNsQvtAEkKAKyl6QBPh+kdt
HPzPOSmgHfjHxZ9i5nLxSBVa6awD6ZCMok2lY/VaTyinE2XXR/9dD7yHPpCKtAGx
2mDUMnLlEZVR0cqH8nROzcK5eaJh9Zk0oeWaCr96tp5EkyaYbt9HcygQfTkVcY7I
2TDbm85uf3L8pd5ucH/mq6zpKV95LNM+gy0FwmcPh39q2cxTTNAGBNrDtgysg5fj
ttrR2gCRdwIH+gamjG/sqcPPEGOy5WdPjkmbvF077/6LGTz9/+kg
-----END CERTIFICATE-----